CVE-2014-4264: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security.

CVE-2014-2483 [CRITICAL] OpenJDK 7 update Title: OpenJDK 7 update Summary: This update provides stability updates for OpenJDK 7. USN-2319-1 fixed vulnerabilities in OpenJDK 7. This update provides stability fixes for the arm64 and ppc64el architectures. Original advisory details: Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216, CVE-2014-4219, CVE-2014-4223, CVE-2014-4262) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4209, CVE-2014-4244, CVE-2014-4263)

[CRITICAL] OpenJDK 7 regression Title: OpenJDK 7 regression Summary: USN-2319-1 introduced a regression in OpenJDK 7. USN-2319-1 fixed vulnerabilities in OpenJDK 7. Due to an upstream regression, verifying of the init method call would fail when it was done from inside a branch when stack frames are activated. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216, CVE-2014-4219, CVE-2014-4223, CVE-2014-4262) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and d

CVE-2014-2483 [CRITICAL] OpenJDK 7 vulnerabilities Title: OpenJDK 7 vulnerabilities Summary: Several security issues were fixed in OpenJDK 7. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216, CVE-2014-4219, CVE-2014-4223, CVE-2014-4262) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4209, CVE-2014-4244, CVE-2014-4263) Two vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-4218, CVE-2014-4266) A vulnerability was discovered in t

CVE-2014-4264 [MEDIUM] OpenJDK: Incorrect TLS/EC management (Security, 8031340) OpenJDK: Incorrect TLS/EC management (Security, 8031340) Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security. Package: java-1.6.0-openjdk (Red Hat Enterprise Linux 5) - Not affected Package: java-1.6.0-sun (Red Hat Enterprise Linux 5) - Not affected Package: java-1.7.0-openjdk (Red Hat Enterprise Linux 5) - Not affected Package: java-1.6.0-openjdk (Red Hat Enterprise Linux 6) - Not affected Package: java-1.6.0-sun (Red Hat Enterprise Linux 6) - Not affected Package: java-1.7.0-openjdk (Red Hat Enterprise Linux 6) - Not affected Package: java-1.6.0-openjdk (Red Hat Enterprise Linux 7) - Not affected Package: java-1.6.0-sun (Red Hat Enterprise Linux 7) - Not affected Package: java-1.7.0-open

CVE-2014-4264 [MEDIUM] GHSA-c8jv-jvr4-6p8c: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security.

CVE-2014-2483 [CRITICAL] openjdk-7 update openjdk-7 update USN-2319-1 fixed vulnerabilities in OpenJDK 7. This update provides stability fixes for the arm64 and ppc64el architectures. Original advisory details: Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216, CVE-2014-4219, CVE-2014-4223, CVE-2014-4262) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4209, CVE-2014-4244, CVE-2014-4263) Two vulnerabilities were discovered in the OpenJDK JRE related to data

[CRITICAL] openjdk-7 regression openjdk-7 regression USN-2319-1 fixed vulnerabilities in OpenJDK 7. Due to an upstream regression, verifying of the init method call would fail when it was done from inside a branch when stack frames are activated. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216, CVE-2014-4219, CVE-2014-4223, CVE-2014-4262) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive

CVE-2014-2483 [CRITICAL] openjdk-7 vulnerabilities openjdk-7 vulnerabilities Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216, CVE-2014-4219, CVE-2014-4223, CVE-2014-4262) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4209, CVE-2014-4244, CVE-2014-4263) Two vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-4218, CVE-2014-4266) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit

CVE-2014-4264 [MEDIUM] CVE-2014-4264 OpenJDK: Incorrect TLS/EC management (Security, 8031340) CVE-2014-4264 OpenJDK: Incorrect TLS/EC management (Security, 8031340) It was discovered that the Security component did not properly handle data related to TLS and elliptic curves. An unauthenticated remote attacker could exploit this to impact the availability of the Java Virtual Machine. Discussion: This issue affects Elliptic Curve (EC) cryptography implementation in OpenJDK. The OpenJDK packages shipped in Red Hat Enterprise Linux and Fedora do not enable EC support, and hence were not affected by this issue. --- Fixed now in Oracle Java SE 7.0u65 and 8.0u11 via Critical Patch Update July 2014. Fixed in IcedTea 2.5.1 for OpenJDK 7: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028584.html OpenJDK 7 Patch(es): http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/c084